
Difference between revisions of "November 19, 2018 GDPR whitepaper on FHIR call"

From HL7Wiki
 
(6 intermediate revisions by the same user not shown)
Line 7: Line 7:
 
!x||'''Member Name'''|| !!  x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Member Name'''  
 
!x||'''Member Name'''|| !!  x ||'''Member Name''' !!|| x ||'''Member Name''' !!|| x ||'''Member Name'''  
 
|-
 
|-
||  .|| [mailto:JohnMoerke@gmail.com John Moehrke] Security Co-chair
+
||  X|| [mailto:JohnMoerke@gmail.com John Moehrke] Security Co-chair
||||.|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-chair  
+
||||X|| [mailto:Kathleen_Connor@comcast.net Kathleen Connor] Security Co-chair  
||||.|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
+
||||X|| [mailto:mense@fhtw.onmicrosoft.com Alexander Mense] Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams] Security Co-chair
 
||||.|| [mailto:trish.williams@ecu.edu.au Trish Williams] Security Co-chair
 
|-.
 
|-.
 
||  .|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn] Security Co-chair
 
||  .|| [mailto:Christopher.Shawn2@va.gov Christopher Shawn] Security Co-chair
||||.|| [mailto:david.pyke@readycomputing.com David Pyke] PCBP Co-Chair
+
||||X|| [mailto:david.pyke@readycomputing.com David Pyke] CBCP Co-Chair
||||.|| [mailto:giorgio.cangioli@gmail.com Giorgio Cangioli]
+
||||X|| [mailto:giorgio.cangioli@gmail.com Giorgio Cangioli]
 
||||.|| [mailto:joseph.lamy@ssa.gov Joe Lamy]
 
||||.|| [mailto:joseph.lamy@ssa.gov Joe Lamy]
 
   
 
   
 
|-
 
|-
||  .|| [mailto:peter.van.liesdonk@philips.com Peter van Liesdonk]
+
||  X|| [mailto:peter.van.liesdonk@philips.com Peter van Liesdonk]
 
||||.|| [mailto:  ]
 
||||.|| [mailto:  ]
 
||||.|| [mailto:  ]
 
||||.|| [mailto:  ]
Line 32: Line 32:
 
#''(10 min)'' Presentation Proposal "Purpose of Processing" (Peter) (link: https://docs.google.com/document/d/1rIHhL5FTIFVD9EGgW70SkElfsMH9ofHoDuYnVHMOZF4/edit?usp=sharing)
 
#''(10 min)'' Presentation Proposal "Purpose of Processing" (Peter) (link: https://docs.google.com/document/d/1rIHhL5FTIFVD9EGgW70SkElfsMH9ofHoDuYnVHMOZF4/edit?usp=sharing)
 
#''(20 min)'' Harmonization discussion - PoU vs. Purpose of Processing  
 
#''(20 min)'' Harmonization discussion - PoU vs. Purpose of Processing  
#''(10 min)'' '''Uses cases (Georgio) '''
+
#''(10 min)'' IPS uses case - current state (Georgio) (link: https://docs.google.com/document/d/1j8tWH52kEg_D_V2G8CXbKajfmidIk8P24HUbH0pHKjQ/edit?usp=sharing)
#''(5 min)'' Reminder - issues from WGM:
+
#''(5 min)'' Reminder - open issues from WGM, still to be addressed:
  
 
Are update events to be reported in a transparency report?
 
Are update events to be reported in a transparency report?
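Review bot: In the new agenda item 4, "IPS uses case" should read "IPS use case", and "Georgio" does not match the spelling in the attendee table on this same page ("Giorgio Cangioli"). The old line had the same "Uses cases (Georgio)" wording, so both slips carried over from it and can be fixed in this revision.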
Line 39: Line 39:
  
 
Operations:
 
Operations:
Grahams to define an erasure operation that takes a Patient or Person. It returns rejected. Success. Or partial success.... Is there a need for it to report what it deleted? Or what it didn't?  It does need to report external recipients
+
Graham poposes to define an erasure operation that takes a Patient or Person. It returns rejected. Success. Or partial success.... (question: is there a need for it to report what it deleted? Or what it didn't?  Nevertheless, it does need to report external recipients)
Is it necessary tp report what was deleted?
+
 
Operation for transparency: search on AuditEvents?
+
Is there a need for a Operation for transparency: i.e. a search on AuditEvents?
  
 
Do we need a CapabilityStatement like resource that describes server data retention rules. Possibly useful for client too to state the client need.
 
Do we need a CapabilityStatement like resource that describes server data retention rules. Possibly useful for client too to state the client need.
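Review bot: The rewritten Operations line introduces the typo "poposes" (for "proposes"), and the new transparency line reads "a Operation" where "an operation" is meant. The return values are still written as fragments ("It returns rejected. Success. Or partial success....") and would read more clearly as one list: "rejected, success, or partial success". Folding the removed question "Is it necessary tp report what was deleted?" into the parenthetical is fine, since the parenthetical already asks it.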

Latest revision as of 16:57, 26 November 2018


Attendees

x  Member Name
X  John Moehrke, Security Co-chair
X  Kathleen Connor, Security Co-chair
X  Alexander Mense, Security Co-chair
.  Trish Williams, Security Co-chair
.  Christopher Shawn, Security Co-chair
X  David Pyke, CBCP Co-Chair
X  Giorgio Cangioli
.  Joe Lamy
X  Peter van Liesdonk


Agenda

  1. (5 min) Roll Call, Agenda Approval
  2. (10 min) Presentation Proposal "Purpose of Processing" (Peter) (link: https://docs.google.com/document/d/1rIHhL5FTIFVD9EGgW70SkElfsMH9ofHoDuYnVHMOZF4/edit?usp=sharing)
  3. (20 min) Harmonization discussion - PoU vs. Purpose of Processing
  4. (10 min) IPS use case - current state (Giorgio) (link: https://docs.google.com/document/d/1j8tWH52kEg_D_V2G8CXbKajfmidIk8P24HUbH0pHKjQ/edit?usp=sharing)
  5. (5 min) Reminder - open issues from WGM, still to be addressed:

Are update events to be reported in a transparency report?

Depth of Provenance

Operations: Graham proposes to define an erasure operation that takes a Patient or Person. It returns rejected, success, or partial success. (Question: is there a need for it to report what it deleted, or what it didn't? Nevertheless, it does need to report external recipients.)

Is there a need for an operation for transparency, i.e. a search on AuditEvents?

Do we need a CapabilityStatement-like resource that describes server data retention rules? Possibly useful for the client too, to state the client's needs.

We might need to address Break-Glass as a healthcare safety mechanism.


Links:

Harmonization proposal:

https://gforge.hl7.org/gf/project/security/docman/Harmonization/Nov%202018%20Harmonization/2018JulyHARM%20Initial%20PROPOSAL%20SECURITY%20v3%20and%20v2%20Table%200717%20Privacy%20Law%20and%20Consent%20Directive%20codes%20v2%20GDPR.doc

https://gdpr-info.eu/art-6-gdpr/

https://gdpr-info.eu/art-9-gdpr/

Link to Confluence page: http://confluence.hl7.org/display/SEC/FHIR+-+GDPR

Meeting Minutes (DRAFT)